CVE-2014-1303

Apple Safari - Memory Corruption


Description

Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.

Exploits (3)

exploitdb WORKING POC
by Ren Kimura · local · linux
https://www.exploit-db.com/exploits/44204

exploitdb WORKING POC
by TJ Corley · local · hardware
https://www.exploit-db.com/exploits/44200

nomisec WORKING POC 24 stars
by RKX1209 · poc
https://github.com/RKX1209/CVE-2014-1303

References (6)

Core References
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT6537
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html

Scores

EPSS 0.4482
EPSS Percentile 97.6%

Details

CWE CWE-119
Status published
Products (1)
apple/safari 7.0.2
Published Mar 26, 2014
Tracked Since Feb 18, 2026